Security Bulletin: Spice-server vulnerabilities affect IBM SmartCloud Entry (CVE-2016-0749 CVE-2016-2150 )

Summary SmartCloud Entry is vulerable to Spice-server vulnerabilities. Attackers could exploit them to cause improper bounds checking by smartcard interaction or bypass security restrictions Vulnerability Details CVEID: CVE-2016-0749 DESCRIPTION: Red Hat spice is vulnerable to a heap-based buffer...

Security Bulletin: Vulnerabilities in OpenSSL affect IBM SmartCloud Entry

Summary OpenSSL vulnerabilities were disclosed on 28th Jan 2016, March 1, 2016 ,May 3 2016 by the OpenSSL Project. OpenSSL is used by IBM SmartCloud Entry. IBM SmartCloud Entry has addressed the applicable CVEs - CVE-2016-2108 CVE-2016-2107 CVE-2016-2105 CVE-2016-2106 CVE-2016-2109 CVE-2016-2176...

Security Bulletin: Libxml2 vulnerabilities affect IBM SmartCloud Entry (CVE-2015-1819)

Summary IBM SmartCloud Entry is vulnerable to several libxml2 vulnerabilities. Remote attackers can exploit them to consume all available memory resources. Vulnerability Details CVEID: CVE-2015-1819 DESCRIPTION: Libxml is vulnerable to a denial of service, caused by an XML External Entity Injecti...

Security Bulletin: Vulnerabilities in OpenSSL affect IBM SmartCloud Entry

Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM SmartCloud Entry. IBM SmartCloud Entry has addressed the applicable CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-6302 CVE-2016-6304 CVE-2016-6306...

Security Bulletin: glibc getaddrinfo stack-based buffer overflow (CVE-2015-7547)

Summary IBM SmartCloud Entry is vulnerable to a glic vulnerability, which allows a romote attacker overflow a buffer and cause the application to crash. Vulnerability Details CVEID: CVE-2015-7547 DESCRIPTION: GNU C Library glibc is vulnerable to a stack-based buffer overflow, caused by improper...

Security Bulletin: Vulnerabilities in Python affect IBM SmartCloud Entry (CVE-2016-0772 CVE-2016-5699 CVE-2016-1000110)

Summary IBM SmartCloud Entry is vulnerable to Python vulnerabilities. Attackers could exploit these vulnerabilities to strip out the STARTTLS command without generating an exception on the python SMTP client application and prevent the establishment of the TLS layer, inject arbitrary HTTP headers...

Security Bulletin: Vulnerabilities in Qemu-kvm affect IBM SmartCloud Entry

Summary IBM SmartCloud Entry is vulnerable to Qemu-kvm vulnerabilities. Attackers could overflow a buffer and execute arbitrary code on the system or cause the application to crash, or could exploit these vulnerabilities to gain elevated privileges on the host system or cause a denial of service,...

Security Bulletin: Grep vulnerabilities affect IBM SmartCloud Entry (CVE-2012-5667)

Summary IBM SmartCloud Entry is vulnerable to several Grep vulnerabilities. Remote attackers can exploit them to obtain sensetive information or launch further attacks on the system. Vulnerability Details CVEID: CVE-2012-5667 DESCRIPTION: grep is vulnerable to a heap-based buffer overflow, caused...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM SmartCloud Entry

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6.0.16.25 and Version 7.0.9.35 that is used by IBM SmartCloud Entry. These issues were disclosed as part of the IBM Java SDK updates in July 2016 and October 2016 and includes the vulnerability commonly...

Security Bulletin: OpenStack vulnerabilities affect IBM SmartCloud Entry(CVE-2015-5240 CVE-2015-3280)

Summary IBM SmartCloud Entry is vulnerable to a Nova vulnerability that allows a remote authenticated attacker to cause a denial of service. IBM SmartCloud Entry is vulnerable to a Neutron vulnerability that allows an attacker to bypass firewall rules and gain access to applications. Vulnerabilit...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM SmartCloud Entry

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7.0.10.5 used by IBM SmartCloud Entry. These issues were disclosed as part of the IBM Java SDK updates in Jul 2017. Vulnerability Details If you run your own Java code using the IBM Java Runtime delivered with th...

Security Bulletin: Multiple vulnerabilities in coreutils, sudo, jasper, bind, bash, libtirpc, nss and nss-util affect IBM SmartCloud Entry

Summary Multiple vulnerabilities have been identified in coreutils, sudo, jasper, bind, bash, libtirpc, nss and nss-util. coreutils, sudo, jasper, bind, bash, libtirpc, nss and nss-util shipped with IBM SmartCloud Entry Appliance. IBM SmartCloud Entry Appliance has addressed the vulnerabilities...

Security Bulletin: Nss-util vulnerabilities affect IBM SmartCloud Entry( CVE-2016-1950 )

Summary IBM SmartCloud Entry is vulnerable to a nss-tuil vulnerability, attackers could exploit it to cause the application to crash. Vulnerability Details CVEID: CVE-2016-1950 DESCRIPTION: Mozilla Firefox is vulnerable to a heap-based buffer overflow, caused by improper bounds checking when the...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM SmartCloud Entry

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6.0.16.21 and Version 7.0.9.20 that is used by IBM SmartCloud Entry. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and includes the vulnerability commonly referred to as...

Security Bulletin: Vulnerability in SSLv3 affects IBM SmartCloud Entry (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in IBM SmartCloud Entry. Vulnerability Details CVE-ID: CVE-2014-3566 DESCRIPTION: Product could allow a remote attacker to obtain sensitive...

Security Bulletin: Security vulnerability in Apache HTTP affects IBM SmartCloud Entry (CVE-2017-9798)

Summary IBM SmartCloud Entry has addressed the vulnerability in Apache HTTP. Following are the vulnerability details. Vulnerability Details CVEID: CVE-2017-9798 DESCRIPTION: Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS...

Security Bulletin: GNU C library (glibc) vulnerabilities affect IBM SmartCloud Entry (CVE-2014-8121)

Summary IBM SmartCloud Entry is vulnerable to GNU C library glibc vulnerabilities. Remote attackers can exploit them to cause the application to enter into an infinite loop. Vulnerability Details CVEID: CVE-2014-8121 DESCRIPTION: GNU C Library glibc is vulnerable to a denial of service, caused by...

Security Bulletin: OpenSSL vulnerabilities affect IBM SmartCloud Entry

Summary IBM SmartCloud Entry is vulnerable to several OpenSSL vulnerabilities, attackers could exploit them to cause a denial of service or execute arbitrary code on the system. Vulnerability Details CVEID: CVE-2015-3194 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL...

Security Bulletin: Nss,Nss-util and Nspr vulnerabilities affect IBM SmartCloud Entry (CVE-2016-1978, CVE-2016-1979 )

Summary IBM SmartCloud Entry is vulnerable to multiple vulnerabilities in nss, nss-util and nspr. Attackers could exloit them using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service. Vulnerability Details CVEID: CVE-2016-1978 DESCRIPTION: Mozil...

Security Bulletin: OpenStack vulnerabilities affect IBM SmartCloud Entry(CVE-2015-7548, CVE-2015-8749 CVE-2015-1850)

Summary IBM SmartClound Entry is vulnerable to several Openstack Nova vulerabilities, which could allow a local authenticated attacker or a remote attacker to obtain sensitive information Vulnerability Details CVEID: CVE-2015-8749 DESCRIPTION: OpenStack Nova could allow a remote attacker to obtai...